lilott8 DD-WRT Novice Joined: 24 Jan 2019 Posts: 2
Posted: Thu Jan 24, 2019 23:49 Post subject: [SOLVED] PiHole as DNS but still need Forced DNS resolution
I have the current configuration:
Router: 192.168.2.1\24
PiHole(DHCP/DNS): 192.168.2.10\24 (Static)
My DHCP range is: 192.168.2.200-255
I try to use IP tables to force DNS redirection using the following rules:
Code:
#keep network on pi-hole
iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 192.168.1.pi:53
iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 192.168.1.pi:53
#punch DNS hole for pi-hole
iptables -t nat -I PREROUTING -i br0 -p tcp -s 192.168.1.pi --dport 53 -j ACCEPT
iptables -t nat -I PREROUTING -i br0 -p udp -s 192.168.1.pi --dport 53 -j ACCEPT
But this kills all DNS requests from the Pihole.
I've also tried using DD-WRT for DHCP and giving the DNS resolver as the PiHole, as I can check the force DNS redirection box. But the same thing happens, DNS dies once that configuration takes place. I'm not certain what I need to do to keep DNS redirection *and* have the PiHole do what it does.
Last edited by lilott8 on Mon Jan 28, 2019 19:46; edited 1 time in total
BR07H3R DD-WRT User Joined: 24 Dec 2017 Posts: 135
Posted: Sat Jan 26, 2019 5:26 Post subject:
Check out my pi-hole thread in the broadcom section. Hint: make sure you tell pi-hole to listen on all interfaces. It wouldn't work for me until I did that. I'm also using it as local DNS.
EDIT
It worked without doing this.. but only for br0
Last edited by BR07H3R on Sat Jan 26, 2019 6:13; edited 1 time in total
BR07H3R DD-WRT User Joined: 24 Dec 2017 Posts: 135
Posted: Sat Jan 26, 2019 5:50 Post subject:
Code:
iptables -I FORWARD -i br0 -p tcp -d 192.168.1.115 --dport 53 -j ACCEPT
iptables -I FORWARD -i br0 -p udp -d 192.168.1.115 --dport 53 -j ACCEPT
Try this.. looks like your first two lines are causing problems. Replace them with this.
Last edited by BR07H3R on Sat Jan 26, 2019 6:38; edited 1 time in total
BR07H3R DD-WRT User Joined: 24 Dec 2017 Posts: 135
Posted: Sat Jan 26, 2019 5:58 Post subject:
Services tab
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12885 Location: Netherlands
lilott8 DD-WRT Novice Joined: 24 Jan 2019 Posts: 2
Posted: Sun Jan 27, 2019 5:05 Post subject:
Thanks @egc. That worked. I just added
Code:
-s ! raspberry.pi.ip.address
to the first 2 lines, where I redirect all DNS to Rpi. And it worked perfectly.
I knew it was simple and knew that I was redirecting DNS back to the pihole. I am slowly getting familiar with iptables commands.
Thanks!
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12885 Location: Netherlands
kyven DD-WRT Novice Joined: 31 Jul 2019 Posts: 2
Posted: Wed Jul 31, 2019 18:06 Post subject: the same problem
Hi, I have the same problem.
On my router (192.168.2.1) I'm using only these two lines:
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p tcp --dport 53 -j DNAT --to 192.168.2.149
iptables -t nat -A PREROUTING -i br0 -s 192.168.2.101 -p udp --dport 53 -j DNAT --to 192.168.2.149
I can see that DNS has come to the PI-HOLE server (192.168.2.149), but I'm receiving a DNS timeout.
When I enable force DNS redirection, it looks like the iptables rules are completely ignored and nothing is forwarded to 192.168.2.149
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12885 Location: Netherlands
Posted: Wed Jul 31, 2019 18:53 Post subject:
This thread is already marked as solved by the OP.
Please start your own thread, state router, build number and explain your problem, the more info you provide the better we can help
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
kyven DD-WRT Novice Joined: 31 Jul 2019 Posts: 2
Posted: Wed Jul 31, 2019 21:11 Post subject: reply
Thanks, I have already found one solution for this problem.
After POSTROUTING rules I had to add
iptables -t nat -A POSTROUTING -j MASQUERADE
Problem is that since then I cannot see the original IP address of the DNS requests /all of them seem to come from the router itself/, but at least it's working ...
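Added example, not part of any post in this thread: a POSIX sh helper that prints the two rule pairs the thread converges on, the DNAT redirect with the Pi-hole's own queries excluded and a MASQUERADE limited to redirected DNS instead of all traffic. The function name dns_redirect_rules is hypothetical, the addresses are constructed from the first post, and the negation is written as `! -s` on the assumption that the router's iptables accepts it (the post above uses the `-s !` form).

```shell
#!/bin/sh
# Added example (not from the thread): print NAT rules for forced DNS
# redirection to a Pi-hole that sits on the same LAN as its clients.
# dns_redirect_rules is a hypothetical helper; review its output, then
# pipe it to sh on the router to apply the rules.

dns_redirect_rules() {
    lan_if=$1    # LAN bridge (br0 in the thread)
    pi_ip=$2     # Pi-hole address
    lan_net=$3   # LAN subnet in CIDR form

    for proto in udp tcp; do
        # Redirect LAN DNS queries to the Pi-hole, but skip the Pi-hole's
        # own upstream queries, which would otherwise be sent back to it.
        echo "iptables -t nat -I PREROUTING -i $lan_if -p $proto ! -s $pi_ip --dport 53 -j DNAT --to $pi_ip:53"

        # Client and Pi-hole share a subnet, so without source NAT the
        # Pi-hole answers the client directly from its own address; the
        # client asked a different server and drops the reply (timeout).
        # Masquerading only LAN -> Pi-hole port 53 sends the reply back
        # through the router while leaving all other traffic untouched.
        echo "iptables -t nat -I POSTROUTING -o $lan_if -p $proto -s $lan_net -d $pi_ip --dport 53 -j MASQUERADE"
    done
}

# Constructed values matching the addressing in the first post.
dns_redirect_rules br0 192.168.2.10 192.168.2.0/24
```

Redirected queries still reach the Pi-hole with the router's address as source, as noted in the last post; queries that clients send to the Pi-hole directly never pass through these rules and keep their own source address.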